Central Idea

In recent years, the SIM swap scam has emerged as a significant threat to individuals’ financial security.
This fraudulent scheme exploits the link between physical SIM cards and banking applications, allowing scammers to gain access to victim’s bank accounts and personal information.

SIM Swap Scam: An Overview

Exploiting Technological Advances: The SIM swap scam capitalizes on the integration of banking applications with phone numbers, enabling the generation of OTPs (One-Time Passwords) and the receipt of critical bank-related messages.
Acquiring Personal Data: Scammers begin by collecting victims’ personal details, including phone numbers, bank account information, and addresses, often through phishing or vishing (voice phishing) techniques. Phishing involves sending malware-laden links through emails or messages to steal personal data.
Forging Victim Identity: Armed with the stolen data, fraudsters visit a mobile operator’s retail outlet, impersonating the victim with forged ID proof. They falsely report the theft of the victim’s SIM card and/or mobile phone. As a result, they obtain a duplicate SIM card. Notably, fraudsters can secure a duplicate SIM even if the original is still functional. All activation messages and information are directed to the scammer rather than the victim.

Strategic Communication: In contrast to typical scams that involve tricking individuals into divulging OTPs and private data during phone calls, the SIM swap scam operates differently.
Distraction Tactic: Fraudsters initiate missed calls to their targets, prompting victims to check their phones and potentially ignore network connectivity issues.
SIM Exchange Execution: Perpetrators use these missed calls as a diversion while they execute the SIM swap. Once the SIM is swapped, fraudsters gain control over all calls and messages through the victim’s SIM, allowing them to initiate transactions unnoticed.

Phishing Information: After acquiring personal data through phishing attacks, scammers use this information to access bank portals and generate OTPs required for fund withdrawal.
OTP Access: Having control over the victim’s SIM card, fraudsters receive all OTPs, enabling them to authenticate transactions and steal money.
Data Sources: Accused individuals purchase data from hackers involved in data breaches or from online portals. Data breaches often involve private companies losing vast amounts of customer data.
Example: In April, Rentomojo, an electronics and furniture rental company, reported a data breach, acknowledging unauthorized access to customer data due to a cloud misconfiguration.

Absence of Arrests: Delhi Police has not made any arrests related to the SIM swap scam. The accused effectively evaded capture by discarding duplicate SIMs and operating from multiple locations.
Cryptocurrency Conversion: Stolen funds are often converted into cryptocurrency, making tracking Bitcoin or other cryptocurrency transactions impossible due to encryption.

Stay Vigilant: Be cautious of vishing or phishing attacks and avoid clicking on suspicious links or sharing sensitive information.
Don’t Ignore Missed Calls: Don’t ignore missed calls or switch off your phone, especially if you receive multiple missed calls. Contact your mobile operator immediately if such activity occurs.
Regularly Update Passwords: Change bank account passwords regularly for added security.
Set Up Alerts: Register for regular SMS and email alerts for banking transactions to stay informed.
Report Fraud: In case of fraud, promptly contact your bank authorities to block your account and prevent further fraud.